May 3rd, 2002
Sajma
Disciple
 
Join Date: April 26th, 2002
Posts: 11

NiGHTSFTP: Digital signatures can't really be "removed" by anyone -- they're just data that can be verified using a public key. The rating system you proposed has the problem that a malicious user could create a high rating for a file they like and sign it with a bunch of different keys, so it looks like many different users rating the file. It's not clear how to solve this problem.

I think the file authenticity stuff is more interesting and more tractable. It's straightforward to have GNU or RedHat publish their public key on their website and to sign their free software distributions. Users can then check the authenticity of distributions downloaded from Gnutella using those keys. As you suggested, users could even restrict their searches to match only items signed by a particular key.

A lot of work has been done on this sort of authenticated data distribution. In particular, see the self-certifying read-only file system (SFSRO) and the cooperative file system (CFS).

Similar techniques could be applicable to content stored on Gnutella (although Gnutella can't provide the same load balancing properties as CFS).
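An added example, not part of Sajma's post, of the check the post describes: search hits from untrusted peers are kept only if their detached signature verifies under one pinned publisher key, so copies signed with any number of self-generated keys are dropped. Ed25519 is an assumed stand-in for the publisher's signature scheme, and `Result`, `FilterSigned` and `SampleHits` are hypothetical names with constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Result is one hit returned by an untrusted peer (hypothetical structure).
type Result struct {
	Name string
	Data []byte
	Sig  []byte // detached signature supplied alongside the file
}

// FilterSigned keeps only results whose signature verifies under the pinned
// publisher key. Results signed by any other key, however many, are dropped.
func FilterSigned(pinned ed25519.PublicKey, hits []Result) []Result {
	var ok []Result
	for _, h := range hits {
		if len(h.Sig) == ed25519.SignatureSize && ed25519.Verify(pinned, h.Data, h.Sig) {
			ok = append(ok, h)
		}
	}
	return ok
}

// SampleHits builds constructed search results: one genuine release, one
// modified copy carrying the genuine signature, and three copies signed with
// freshly generated keys that the publisher never announced.
func SampleHits() (ed25519.PublicKey, []Result) {
	pub, priv, _ := ed25519.GenerateKey(nil) // publisher key, posted on their website
	release := []byte("example-1.0.tar.gz contents (constructed)")
	hits := []Result{{"genuine", release, ed25519.Sign(priv, release)}}
	modified := append([]byte("modified "), release...)
	hits = append(hits, Result{"tampered", modified, ed25519.Sign(priv, release)})
	for i := 0; i < 3; i++ {
		_, other, _ := ed25519.GenerateKey(nil)
		hits = append(hits, Result{fmt.Sprintf("other-key-%d", i), modified, ed25519.Sign(other, modified)})
	}
	return pub, hits
}

func main() {
	pub, hits := SampleHits()
	for _, h := range FilterSigned(pub, hits) {
		fmt.Println("accepted:", h.Name)
	}
}
```

The filter's trust decision rests entirely on how the pinned key was obtained; a key fetched over the same untrusted channel as the file would verify nothing.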